Keyword: URL
43770 Total Search   |   Showing Results : 4461 - 4480
Trojan connects to the following website to send and receive information: http://{BLOCKED}npride.net:443 NOTES: This Trojan connects to the URL above to download the key used in encrypting the files. It
command to ping the specified URL with a specific buffer size: ping -n 4294967265 -l 65500 {BLOCKED}.{BLOCKED}.204.222:80 It displays the following ransom note after restarting the system: This ransomware
}i.com/api/ip It does the following: Connects to the following URL to report back to its C&C server: http://api.{BLOCKED}i.com/api/report The downloaded file %Program Files%\Google\Chrome\Application\winhttp.dll
{filename3} {filename1,2,3} are based on the URL (Note: %Application Data% is the Application Data folder, which is usually C:\Documents and Settings\{user name}\Application Data on Windows 2000, Windows
algorithm to use [scrypt(1024, 1, 1) (default), scrypt, sha256d, SHA-256d] -o, --url=URL ==> URL of mining server (default: http://127.0.0.1:9332/) -O, --userpass=U:P ==> username:password pair for mining
not have rootkit capabilities. Download Routine This Worm downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}1.{BLOCKED}w.com/rundlll2.dll
banking information by querying the victim's Facebook payment information. This Trojan Spy connects to the following Facebook URL to steal the victim's information:
computer Upload file/s to affected computer Delete file/s from affected computer Rename file/s from affected computer Create new directory Search a file from affected computer Download file from url Download
downloaded plugin Start and Stop plugin Perform Remote Shell Update URL list Update itself Update Plugin Modify Config Manage File Manage MBR Send gathered data Information Theft This backdoor gathers the
inaccessible. NOTES: This Trojan does not encrypt files with the following extensions: chm ini tmp log url lnk cmd bat scr msi sys dll exe It deletes shadow copies by executing the following command: vssadmin.exe
Environment This ransomware is possibly a research-type ransomware. C:\ClicoCrypter\READMYFIRST.info contains: It shows following windows after execution: It connects to the following URL after encryption:
Time Change download URL Sleep Gather System Information Perform Remote Shell Create or terminate processes Upload, Download, or Execute Files Enumerate all drives with corresponding drive types Get
the following commands from a remote malicious user: Execute Powershell commands Uninstall itself Install PlugIn Change Activity Time Change download URL Sleep Gather System Information Perform Remote
system's IP address: http://icanhazip.com/ It deletes the initially executed copy of itself NOTES: This Trojan connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number}/9-S12/{data} to report
system's IP address: http://icanhazip.com/ It deletes the initially executed copy of itself NOTES: This Trojan connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number}/14BR11/{data} to report
http://icanhazip.com/ It gathers the following information and reports it to its servers: Computer Name OS version Service Pack IP Address NOTES: This Trojan connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{random
itself NOTES: This Trojan connects to the URL http://{BLOCKED}.{BLOCKED}.90.166:{port number}/19S13/{data} to report infection of the affected system. It installs authentication certificates to enable
connects to the following URL(s) to get the affected system's IP address: http://myip.dnsomatic.com/ It deletes the initially executed copy of itself NOTES: This Trojan connects to the URL http://{BLOCKED}.
-D -nc -m -pw -P -agent -pagent -pageant -noagent -nopagent -nopageant -x -X -t -T -N -C -1 -2 -i -4 -ipv4 -6 -ipv6 It connects to the following URL to send its gathered information: {BLOCKED}.{BLOCKED
addresses vulnerabilities found in Microsoft SharePoint and Microsoft SharePoint Foundation. When exploited via a malicious URL pointing to a SharePoint site, it can allow elevation of privilege.